Described below are a method and an apparatus for authentication of multicast messages, especially of multicast messages which are exchanged between field devices of a peer-to-peer system and contain as payload data a GOOSE (Generic Object Oriented Substation Events) message or an SMV (Sampled Measured Values) message.
After detecting an event, a field device transmits multicast messages to other registered field devices, which receive them. The field device that detected the event transmits these multicast messages to the other field devices via a wireless or wired communication link. Such a field device can, for example, be a protective device such as an intelligent breaker circuit located in a transformer substation of a power supply network. The different field devices can exchange messages with one another for electrical protection and for transmission of measurement data. Furthermore, the field devices can monitor and control different types of functions. After detection of an event, a field device does not send messages to a specific destination address; instead it sends them as broadcast or multicast messages to different receiving field devices, which receive the multicast message and decide for themselves whether they must process it.
The multicast message is transmitted as a data packet which contains header data and payload data. The payload data contained in the multicast message can be formed by a GOOSE or an SMV message. Standard IEC61850 defines messages for substation controllers within an energy supply network. To protect the transmitted multicast message, Standard IEC61850 proposes the use of digital signatures. For each message, a digital signature is computed on the transmitting field device side to protect the message against manipulation, that is, to protect its integrity, and this signature is verified by all receiving field devices.
However, the significant disadvantage of this method of operation is that creating the digital signatures and verifying them on all receiving computing devices requires considerable computing effort, and those computing devices must have the corresponding resources available to perform such calculations. In addition, the verification of received multicast messages must occur within a predetermined response time, which can amount to just a few milliseconds.